diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c038dd9bb..4a1d15aeb9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,10 +8,12 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## [1.6.6 / 5.61.6] - 2023-01-? -## Changed -- improved trace log retrival greately improving performance +### Changed +- reworked trace log retrival to greately improving performance - improved list/tree finder - improved trace logging +- enabled drop admin rights option for compartment style boxes +-- Note: programs started unsandboxed can not have rights dropped, but UAC prompts and elevation from within the sandboxed are blocked ### Fixed - fixed potential BSOD issue in the driver @@ -22,6 +24,8 @@ This project adheres to [Semantic Versioning](http://semver.org/). + + ## [1.6.5 / 5.61.5] - 2023-01-10 ### Added diff --git a/Sandboxie/core/svc/main.cpp b/Sandboxie/core/svc/main.cpp index 0064ac9454..516ca3e1a0 100644 --- a/Sandboxie/core/svc/main.cpp +++ b/Sandboxie/core/svc/main.cpp @@ -515,8 +515,9 @@ bool RestrictToken(void) bool CheckDropRights(const WCHAR *BoxName) { - if (SbieApi_QueryConfBool(BoxName, L"NoSecurityIsolation", FALSE)) - return false; // if we are not swapping the token we can not drop admin rights so keep this consistent + // Allow setting of DropAdminRights to supress UAC prompts / elevation from the sandboxed realm + //if (SbieApi_QueryConfBool(BoxName, L"NoSecurityIsolation", FALSE)) + // return false; // if we are not swapping the token we can not drop admin rights so keep this consistent if (SbieApi_QueryConfBool(BoxName, L"UseSecurityMode", FALSE)) return true; if (SbieApi_QueryConfBool(BoxName, L"DropAdminRights", FALSE))